We’ve spent a lot of time talking about data privacy and how to manage data transfers between Europe and the United States in recent weeks and months. But how do other countries manage data privacy, particularly those outside our common western legal and linguistic norms? While there have been a few pieces written on China and Hong Kong, for example, there is not the same body of knowledge available.
That is why a recent article on Chris Dale’s e-Disclosure Information Project on the data protection regime in China caught our eye. Published by the he European Parliament’s Directorate-General for Internal Policies, Policy Department C: Citizens’ Rights and Constitutional Affairs, the paper lends strong insight into why we are nowhere near to a global data protection and transfer standard. Moreover, the report emphasizes, rightly, that while the same terminology might be used, the meaning and applications of those terms is not the same. Linguistic challenges simply add to the complexity of rules and the pitfalls of human rights issues that are often at stake in data protection in China and Hong Kong.
The report elicits four key findings that should help guide the management of data in cases that touch Chinese interests. They are well measured in terms of ignoring both the inherent bias of starting from a Western cultural bias and the need to weigh human rights concerns against the necessities of conducting business relationships and engaging in commercial activities.
- “The assessment of a Western-type human rights model against an Asian background s by no means an easy task, given the big differences in the cultures involved. This task is further burdened when the country in question is China, where the essential human rights’ conditions (horizontal application, independent courts and legal certainty) are not in place.
- A careful and flexible approach is advised in order to bring together in a meaningful and practical way two fundamentally different approaches on the issue of human rights that are necessitated by financial and political considerations but are not, in the same way, enabled either by social or by legal factors.
- On the other hand, the individual right to data protection is a relatively recent addition to the EU list of human rights, that is currently furthered through ongoing elaboration of the EU data protection reform package; in particular, the EU General Data Protection Regulation, once in effect, is expected to set the EU data protection threshold even higher.
- Outside the EU, despite of the fact that the majority of countries regulate by now personal data processing, the EU data protection model is not the international standard. In addition, the term “data protection” may have a different meaning to that given within the EU even in countries that have chosen to enact data protection acts within their respective jurisdictions.”
Interested in reading more? You can download a complete copy of the report here.